BSD Commit Log Search

shells/brush-shell-v0.4.0 / net/ipv6calc-4.4.0 / audio/vorbis-tools: Clean-up

   doc: Updated databases/mariadb1011-server to 10.11.18

   mariadb1011: Update to 10.6.27

   This update fixes various stability and security issues.

   Verified to build on NetBSD, FreeBSD, macOS, and Linux, with the
   exception of mariadb1011-embedded (quite messy).

brush-shellL cosmetic fix

   Cast a pointer via (uintptr_t) to fix 32bit builds

   doc: Updated shells/oh-my-posh to 29.15.0

   shells/oh-my-posh: update to 29.15.0

   Bug Fixes

       docs: correct async setting reference and ETag caching note (94f627c)
       docs: resolve markdownlint violations (36d285f)
       mcp: harden endpoint and add discovery file (91e647d)
       mcp: hoist message var and add isError to tool responses (20fc648)
       website: use dangerouslySetInnerHTML for JSON-LD scripts (a43f4bc)

   Features

       dsc: add skipExistingInit (33c72f0), closes #7560
       website: add AI agent discovery files (74d3656)
       website: improve agent readiness meta and MCP CORS (31c53cd)

   editres: make sure build finds the correct app-defaults dir.

   wget: fix build with nettle-4

brush-shell: fix build

   Updated net/yt-dlp, devel/py-xbe

   py-xbe: updated to 1.0.4

   1.0.4
   Unknown changes

   yt-dlp: updated to 2026.6.9

   yt-dlp 2026.06.09

   Important changes

   The minimum supported versions of Deno, Node, and Bun have been raised.
   The minimum required version of Deno is now v2.3.0; supported Node versions are v22 and up; Bun support has been deprecated and limited to versions 1.2.11 through 1.3.14.
   Security
   Usage of vulnerable conversions (e.g. %()s) with the --exec option is an all-too-common pitfall. To remedy this, --exec now only allows safe conversions in its command templates.
   Most users can simply replace %(...)s with %(...)q in their --exec argument(s). Numeric conversions are unaffected by this change. Using unsafe conversions with --exec poses a significant security risk. Read more
   [CVE-2026-50019] File Downloader cookie leak with curl
   Impact is limited to users of --downloader curl; cookies are now properly passed to curl so that it respects their scope
   [CVE-2026-50023] Dangerous file type creation via insufficient filename sanitization
   Writing files with the extensions .desktop, .url, or .webloc is now only allowed in the context of --write-link functionality
   [CVE-2026-50574] Arbitrary code execution via manifest downloads with aria2c
   Impact is limited to users of --downloader aria2c
   Support for downloading HLS and DASH formats with aria2c has been removed. Users affected by this change should migrate to use -N for concurrent fragment downloads via the native downloader

   updates for libdrm 2.4.134.

   merge libdrm 2.4.134

   initial import of libdrm-2.4.134

   Split pppoe(4) tests

   Updated net/libtorrent-rasterbar, net/bird

   bird: updated to 3.3.1

   3.3.1
   Many fixes, several security issues

   libtorrent-rasterbar: updated to 2.0.13

   2.0.13

   stricter basic auth handling for web seed
   fix bug in tracker announcements involving i2p trackers
   improve performance of disk job pool
   fix race when removing an auto managed torrent
   fix bug in post_download_queue() when a torrent complete
   in create_torrent, store symbolic links according to BEP 47
   strengthen peer encryption (obfuscation)
   improve HTTP response parsing
   optimize sanitization of symlinks when loading torrents
   stricter checking of tracker URLs
   fixed piece-picker accounting issue for filtered pieces
   add setting for NAT-PMP lease duration
   optimize v2 request sizes
   fix socks5 issues
   fix issue in loading v2 resume data merkle trees

   Updated security/py-cryptography[_vectors], devel/py-wcwidth

   py-wcwidth: updated to 0.8.1

   0.8.1
   Improved corrections tables

   py-cryptography py-cryptography_vectors: updated to 48.0.1

   48.0.1
   Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.

   doc: update for tickets 7128-7136

   Pullup ticket #7129 - requested by nia
   www/palemoon: Security fix

   Revisions pulled up:
   - www/palemoon/Makefile.common                                  1.7
   - www/palemoon/distinfo                                         1.44
   - www/palemoon/options.mk                                       1.4
   - www/palemoon/patches/patch-platform__media__ffvpx__config_unix_ppc.h deleted
   - www/palemoon/patches/patch-platform_layout_base_FrameProperties.h deleted
   - www/palemoon/patches/patch-platform_media_libvpx_config_linux_arm64_vpx__config.h deleted
   - www/palemoon/patches/patch-platform_security_generate__mapfile.py deleted

   ---
      Module Name:      pkgsrc
      Committed By:     nia
      Date:             Sat Jun  6 12:50:07 UTC 2026

      Modified Files:
        pkgsrc/www/palemoon: Makefile.common distinfo options.mk

    [16 lines not shown]

   doc: Updated chat/py-xmpppy to 0.7.4

   chat/py-xmpppy: Update to 0.7.4

   2026-06-09 0.7.4
   ================
   - Fixed ``UnicodeDecodeError`` while logging large stanzas by using ``backslashreplace`` handler.
     Thanks, @vthriller and @normanr.
   - Improved compatibility with Python 2. Thanks, @vbontchev.

   Fix an edit glitch.

   doc: Updated math/R-dplyr to 1.2.1nb1

   (math/R-dplyr) Updated 1.1.4 to 1.2.1, fix build against R 4.6.0

   # dplyr 1.2.1

   * dplyr is now fully compliant with the R C API (#7819).

   # dplyr 1.2.0

   ## New features

   * New `filter_out()` companion to `filter()`.

     * Use `filter()` when specifying rows to _keep_.

     * Use `filter_out()` when specifying rows to _drop_.

     `filter_out()` simplifies cases where you would have previously used
     a `filter()` to drop rows. It is particularly useful when missing
     values are involved. For example, to drop rows where the `count` is

    [376 lines not shown]